IBM Network Performance Insight 1.1.1Document Revision R2E1
Configuring Network PerformanceInsight
IBM
NoteBefore you use this information and the product it supports, read the information in “Notices” on page 43.
This edition applies to version _1_, release _1_, modification _1_ of _IBM Network Performance Insight and to allsubsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2015, 2016.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
Contents
Configuring Network PerformanceInsight . . . . . . . . . . . . . . . vIntended audience . . . . . . . . . . . . vOrganization . . . . . . . . . . . . . . vNetwork Performance Insight overview . . . . . vService Management Connect . . . . . . . . viiNetwork Performance Insight technical training . . viiSupport information . . . . . . . . . . . viiConventions used in this publication . . . . . viii
Typeface conventions . . . . . . . . . . viii
Chapter 1. Introduction . . . . . . . . 1
Chapter 2. Configure npi.conf filesettings . . . . . . . . . . . . . . . 3Editing default settings in a configuration file . . . 3
Controlling Network Performance Insight system 5Configuring the Network Performance Insight forcommunicating with Jazz for Service Management. . 6Configuring NCIM database connectivity . . . . . 8Configuring the OMNIbus Standard Input probe towork with Network Performance Insight . . . . 10
Chapter 3. Configure Jazz for ServiceManagement portal . . . . . . . . . 13Logging in to the Dashboard Application ServicesHub portal . . . . . . . . . . . . . . 13
Starting Jazz for Service Management applicationservers . . . . . . . . . . . . . . . 14Stopping Jazz for Service Managementapplication servers . . . . . . . . . . . 14Common directory locations for Jazz for ServiceManagement . . . . . . . . . . . . . 15
Groups and users . . . . . . . . . . . . 18Creating users and groups in a repository . . . 18Granting roles to npiadmin user. . . . . . . 19
Single sign-on . . . . . . . . . . . . . 19
Configuring single sign-on on the Jazz forService Management server . . . . . . . . 20
Configuring the SSL communication for integration 22Generating the SSL certificate for NetworkPerformance Insight system . . . . . . . . 22Exporting SSL personal certificate for NetworkPerformance Insight system . . . . . . . . 23Copying Jazz for Service Management rootcertificate to Network Performance Insight . . . 24Adding the root certificate to your browser. . . 25Adding the root certificate to JRE keystore onyour desktop . . . . . . . . . . . . . 26
Adding the LDAP user registry as a federatedrepository . . . . . . . . . . . . . . . 26Configuring Network Performance Insight consoleintegration on Jazz for Service Management . . . 28
Appendix A. Starting Jazz for ServiceManagement application servers . . . 31
Appendix B. Stopping Jazz for ServiceManagement application servers . . . 33
Appendix C. Common directorylocations for Jazz for ServiceManagement . . . . . . . . . . . . 35
Appendix D. service npi commandreference. . . . . . . . . . . . . . 39
Appendix E. npid command reference 41
Notices . . . . . . . . . . . . . . 43Trademarks . . . . . . . . . . . . . . 45Terms and conditions for product documentation. . 46
© Copyright IBM Corp. 2015, 2016 iii
iv Configuring Network Performance Insight
Configuring Network Performance Insight
You can configure IBM® Network Performance Insight, Version 1.1.1 and itsintegration services through user interface console and command line interface.You can also administer and manage application security and single sign-on fromDashboard Application Services Hub portal.Related information:
Configuring network discovery on Tivoli Network Manager
Intended audienceThe audience who are network administrator or operations specialist responsibleforconfiguring the Network Performance Insight product suite on an enterprisenetwork.
To install Network Performance Insight successfully, you must have a thoroughunderstanding of the following subjects:v Network Performance Insight 1.1.1 systemv Basic principles of network protocols and network managementv Flow conceptsv RHEL Administrationv Jazz for Service Management
OrganizationRead this summary to help you find the information that you need.v Chapter 1, “Introduction,” on page 1v Chapter 2, “Configure npi.conf file settings,” on page 3v Chapter 3, “Configure Jazz for Service Management portal,” on page 13
Network Performance Insight overviewIBM Network Performance Insight is a flow-based network traffic performancemonitoring system.
Network Performance Insight provides comprehensive, flexible, and scalable trafficdata management with visualization and reporting to support complex,multi-vendor, multi-technology networks. It offers a range of dashboard viewswith robust security features that are designed to meet the needs of executivemanagement and converging network and IT operations teams.
Network Performance Insight offers near real-time and interactive view on thetraffic data that helps in reduced network repair times and optimized networkperformance.
Network Performance Insight provides IBM Netcool® Operations Insight withnetwork performance monitoring capabilities to address modern networkmanagement challenges around application-oriented, software-defined-networks inthe enterprise data centers and intranet.
© Copyright IBM Corp. 2015, 2016 v
The following diagram shows how data is flowing through the variouscomponents in Network Performance Insight:
The flow records that are sent by the configured flow exporters are collected byCollector, and sent to Inventory or Analytics component based on the informationthat they contain.
Analytics component performs flow data aggregation. These results are then storedin Network Performance Insight database.
Additionally, you can enable or disable the processing of flow records on each flowinterface on Dashboard Application Services Hub portal. The dashboards provideup-to-date actionable information to provide an insight into network problems andstreamline root cause analysis.
The data from the Storage component can be queried to display the results onNetwork Health Dashboard or OMNIbus Web GUI from Active Event List or EventViewer.
You must integrate Network Performance Insight with IBM Tivoli® NetworkManager and Tivoli Netcool/OMNIbus components of IBM Netcool OperationsInsight to take advantage of its network topology views and fault managementcapabilities.
Network Performance Insight includes the following documents:v Release summaryv Quick Start Guidev Installing Network Performance Insightv Configuring Network Performance Insightv Integrating with Netcool Operations Insight
vi Configuring Network Performance Insight
v Getting Started with Network Performance Insightv Troubleshooting Network Performance Insightv Referencesv Technical notesRelated information:
IBM Network Performance Insight on IBM Knowledge Center
Service Management ConnectConnect, learn, and share with Service Management professionals: product supporttechnical experts who provide their perspectives and expertise.
Access Network and Service Assurance community at https://www.ibm.com/developerworks/servicemanagement/nsa/index.html. Use Service ManagementConnect in the following ways:v Become involved with transparent development, an ongoing, open engagement
between other users and IBM developers of Tivoli products. You can access earlydesigns, sprint demonstrations, product roadmaps, and prerelease code.
v Connect one-on-one with the experts to collaborate and network about Tivoliand the Network and Service Assurance community.
v Read blogs to benefit from the expertise and experience of others.v Use wikis and forums to collaborate with the broader user community.Related information:
IBM Network Performance Insight community on developerWorks
Network Performance Insight technical trainingFor Tivoli technical training information, see the following Network PerformanceInsight Training website at https://tnpmsupport.persistentsys.com/updated_trainings.
Support informationIf you have a problem with your IBM Software, you want to resolve it quickly.IBM provides the following ways for you to obtain the support you need:
OnlineAccess the IBM Software Support site at http://www.ibm.com/software/support/probsub.html .
IBM Support AssistantThe IBM Support Assistant is a free local software serviceability workbenchthat helps you resolve questions and problems with IBM Softwareproducts. The Support Assistant provides quick access to support-relatedinformation and serviceability tools for problem determination. To installthe Support Assistant software, go to http://www.ibm.com/software/support/isa.
Troubleshooting GuideFor more information about resolving problems, see the problemdetermination information for this product.
Configuring Network Performance Insight vii
Conventions used in this publicationSeveral conventions are used in this publication for special terms, actions,commands, and paths that are dependent on your operating system.
Typeface conventionsThis publication uses the following typeface conventions:
Bold
v Lowercase commands and mixed case commands that are otherwisedifficult to distinguish from surrounding text
v Interface controls (check boxes, push buttons, radio buttons, spinbuttons, fields, folders, icons, list boxes, items inside list boxes,multicolumn lists, containers, menu choices, menu names, tabs, propertysheets), labels (such as Tip:, and Operating system considerations:)
v Keywords and parameters in text
Italic
v Citations (examples: titles of publications, diskettes, and CDs)v Words defined in text (example: a nonswitched line is called a
point-to-point line)v Emphasis of words and letters (words as words example: "Use the word
that to introduce a restrictive clause."; letters as letters example: "TheLUN address must start with the letter L.")
v New terms in text (except in a definition list): a view is a frame in aworkspace that contains data.
v Variables and values you must provide: ... where myname represents....
Monospace
v Examples and code examplesv File names, programming keywords, and other elements that are difficult
to distinguish from surrounding textv Message text and prompts addressed to the userv Text that the user must typev Values for arguments or command options
Bold monospace
v Command names, and names of macros and utilities that you can typeas commands
v Environment variable names in textv Keywordsv Parameter names in text: API structure parameters, command
parameters and arguments, and configuration parametersv Process namesv Registry variable names in textv Script names
viii Configuring Network Performance Insight
Chapter 1. Introduction
Requires simple configuration settings. Network Performance Insight collects datafrom the monitored flow-enabled devices. The processed and aggregated data canbe viewed from the Network Health Dashboard after integration with IBM TivoliNetwork Manager. This version has minimal system requirements for the largedata that it can manage.
Important: Before you configure Network Performance Insight, read the ReleaseSummary.
Network Performance Insight, v1.1.1 integrates with IBM Tivoli Network Managerand IBM Tivoli Netcool/OMNIbus components of IBM Netcool Operations Insight1.4.
For Network Performance Insight to be fully functional and for traffic data to beavailable on Jazz™ for Service Management, you must perform the followingconfigurations:v Configure Network Performance Insight configuration file.
Create and edit the Network Performance Insight configuration file npi.conf.v Configure the Jazz for Service Management portal where Network Performance
Insight is federated for visualization of traffic data and events from NetworkHealth Dashboard.Configure Dashboard Application Services Hub to access the federated NetworkPerformance Insight user interfaces that are available through Network HealthDashboard.
v Configure your network discovery by using the following tools available inTivoli Network Manager GUI:– Discovery Configuration Wizard to perform initial discoveries.– Discovery Configuration GUI to perform subsequent discoveries.
v Configure the launch-in-context Traffic Details dashboards from Active EventList or Event Viewer on Dashboard Application Services Hub.For more information, see Configuring integration with Tivoli Netcool/OMNIbus inIntegrating Network Performance Insight.
Related information:
Configuring network discovery on Tivoli Network Manager
© Copyright IBM Corp. 2015, 2016 1
2 Configuring Network Performance Insight
Chapter 2. Configure npi.conf file settings
npi.conf file settings.
The npi.conf file settings must be updated in the following scenarios:v To override the default Network Performance Insight settings.v To configure the communication between Network Performance Insight and Jazz
for Service Management.v To configure the connectivity to Tivoli Network Manager to access the Network
Connectivity and Inventory Model (NCIM) database that contains the topologydata and the Network Manager reports.
Note: The NCIM database is a relational database that consolidates topologydata discovered by Network Manager. (OSI layers 1, 2 and 3).
v To configure the OMNIbus Standard Input probe for event processing inNetwork Performance Insight.
Editing default settings in a configuration fileTypically, the npi.conf file must be configured to override some default settings.
Procedure1. Create or edit npi.conf file in Notepad or similar application and add the
lines according to your requirement.Configure NetFlow data collection2. To change the default listener port, add the comma-separated list of socket
addresses with in square brackets to the npi.conf file:collector.flow.udp.ports= ["socketAddress1", "socketAddress2", ...]
The default UDP listener port for any IP address is 4379. Currently, only UDPis supported.
Note: Socket address is a form of ipAddress:portNumber where ipAddress isoptional.For example, <10.1.2.3>:4390, 4990
3. To black list flow exporter IP addresses, add the following lines to npi.conffile:collector.flow.exporter.blacklist = ["ipAddress1", "ipAddress2", ...]
Add the comma-separated list of IP addresses in square brackets. The flowdata from these exporters in the list is blocked from further processing.
Configure logging4. To specify the retention period for the historical log files, add the following
lines to npi.conf file:logging.history = nn
Where nn is an integer value.
Note: The default value is 10. A new npi.log file is created everyday and thelog file that is created on the previous day is renamed to npi-
© Copyright IBM Corp. 2015, 2016 3
<mm_dd_yyyy>.log. This setting determines how many days these log files aremaintained in the <NPI_Home>/log directory.
5. To configure the log level for the error messages that are logged in npi.logfile, add the following lines to npi.conf file:logging.level = {INFO | WARN | ERROR | ALL | OFF}
If you do not set any values, the default logging level is INFO. After yourestart the Network Performance Insight server, the logging level that youentered becomes the default logging level. If you set the logging level as OFF,the logging is disabled.
Table 1. Log level rules for different options
Logging level INFO WARN ERROR ALL OFF
INFO YES NO NO YES NO
WARN YES YES NO YES NO
ERROR YES YES YES YES NO
Configure DNS server6. To set or edit the DNS server details, add the following lines to npi.conf file:
dns.server.address= "<DNS_Server_IP_Add>"dns.server.port= <DNS_Server_Port_Number>
The default DNS server port number is 53.Typically, if you do not set the DNS server IP address setting in npi.conf, itlooks for nameserver setting in /etc/resolv.conf file during DNS lookup andresolution. If the nameserver setting is not there in this file, then it defaults tolocalhost.
Configure the networking timeouts for DNS resolution7. To set or edit the networking timeouts for resiliency in DNS resolution, add
the following lines to npi.conf file:
Setting Default value Description
dns.network.initiationn.timeout 30 seconds The maximum amount oftime the DNS Service waitsin “Disconnected” statebefore it attempts toconnect to the DNS Server.
dns.network.connection.timeout 10 seconds The maximum amount oftime the DNS Service waitsin “Connecting” state forthe networking layer torespond that the connectionis established.
dns.network.acknowledgement.timeout 5 seconds The maximum amount oftime the DNS Service waitsin “Waiting” state for thenetworking layer torespond with anacknowledgment that theoutbound packet is writtento the operatingsystem/networking buffers.
4 Configuring Network Performance Insight
Setting Default value Description
dns.network.disconnect.timeout 5 seconds The maximum amount oftime the DNS Service waitsin “Disconnecting” statebefore it resets and movesto “Disconnected” state toclose the connection.
Configuring backup snapshots count8. To specify the maximum number of backup snapshots, add the following lines
to npi.conf file:storage.maxBackupSnapshotCount = n
Where n is an integer value.
Note: The default value is 7. The backup procedure maintains a total of 7backup snapshots at any point in the <NPI_Home>/work/backup-snapshotdirectory.
Next steps9. Save the npi.conf file in the <NPI_Home>/conf directory.
10. Restart the system.For more information, see Controlling Network Performance Insight system inInstalling Network Performance Insight.
Controlling Network Performance Insight systemCommands to control the Network Performance Insight application processes.
About this task
You can control the system that is running Network Performance Insight in thefollowing ways:v Use the service npi command optionsv Use the npid command optionsv Use the chkconfig utility to disable the npi service.
Procedurev Run the service npi command to start, stop, and restart Network Performance
Insight by using the following commands:./ service npiUsage: {start|stop|restart|kill|status|version|help}
For more information, see service npi command reference in Command Line Interface.v Run the npid command to start, stop, and restart Network Performance Insight
by using the following commands:cd <NPI_Home>/bin./npidUsage: {start|stop|restart|kill|status|version|help}
For more information, see npid command reference in Command Line Interface.v Disable the npi service in runlevels 2, 3, 4, and 5 by using the chkconfig
command with the following option:chkconfig service npi off
Chapter 2. Configure npi.conf file settings 5
npid command referenceUsage for the npid command. Run the npid command to start, stop, and restartNetwork Performance Insight.
Location
<NPI_Home>/bin
NPI_Home is the location where Network Performance Insight is installed. Forexample, /opt/IBM/NPI.
Syntax
npid {start| stop |restart |kill |status |version |help}
Parameters
startStarts Network Performance Insight application.
stopStops Network Performance Insight application.
restartStops and starts Network Performance Insight application.
killKills the Network Performance Insight application process by using thecommand kill -9.
statusChecks if Network Performance Insight process is running when you use thecommand ps -eaf.
versionShows the version of Network Performance Insight that is installed.
helpDisplays the usage for npid command.
Configuring the Network Performance Insight for communicating withJazz for Service Management
This configuration in npi.conf file helps Network Performance Insight server tocommunicate with the server where Jazz for Service Management is installed.
About this task
You can use the template file npi-dash.template that is available in<NPI_Home>/conf folder.
6 Configuring Network Performance Insight
Procedure1. Create or edit npi.conf file and enter the following details:
Table 2. Configurations for Network Performance Insight
Property Description Recommended value
https.port Secure port on whichNetwork PerformanceInsight applicationconsole can be accessed
9443
https.keystore.file Full path for the keystorefile that stores SSLcertificate that is used byNetwork PerformanceInsight.
conf/security/security.keystore
https.keystore.password Password for SSLkeystore that is used byNetwork PerformanceInsight.
WebASNote: Use the encryptedpassword. To encrypt, followthe steps in Encrypting ObjectServer password in Integratingwith Tivoli/Netcool OMNIbus.
https.key.password Password for SSL Keythat is used by NetworkPerformance Insight
WebASNote: Use the encryptedpassword. To encrypt, followthe steps in Encrypting ObjectServer password in Integratingwith Tivoli/Netcool OMNIbus.
security.dash.hostname Full DNS name for Jazzfor Service Managementserver. If this parameteris left blank, NetworkPerformance Insightintegration with NetcoolOperations Insight doesnot work. This entrymust be added beforeyou start DashboardApplication Services Hubfor the first time.
<myserver.ibm.com>
security.dash.port HTTPS port on whichJazz for ServiceManagement servercommunicates.
The default DashboardApplication Services HubHTTPS port is 16311.
Copy Dashboard ApplicationServices Hub root signercertificate file by using thename WebSphereCACert.pem to<NPI_Home>/conf/securityfolder. Without this file,Network Performance Insightcannot connect to DashboardApplication Services Hubsecure port.
security.dash.username Administrator user namefor Jazz for ServiceManagement
smadmin
Chapter 2. Configure npi.conf file settings 7
Table 2. Configurations for Network Performance Insight (continued)
Property Description Recommended value
security.dash.password Password for Jazz forService Managementadministrator user. Thispassword can beencrypted.
smadminNote: Use the encryptedpassword. To encrypt, followthe steps in Encrypting ObjectServer password in Integratingwith Tivoli/Netcool OMNIbus.
security.dash.domain Domain name of theserver. This entry mustbe added before you startDashboard ApplicationServices Hub for the firsttime.
.ibm.com
Example entries:https.port=9443
https.keystore.file=“conf/security/security.keystore”https.keystore.password=“86qTwzkzrq3gJcKwGbIHlQ==”https.key.password=“86qTwzkzrq3gJcKwGbIHlQ==”security.dash.hostname=“<myserver.ibm.com>”security.dash.port=16311security.dash.username=“smadmin”security.dash.password=“UZceWXqtBVIrfu50FfWVmg==”security.dash.domain=“.your-domain.com”
2. Save this file to <NPI_home>/conf directory.<NPI_home> is where Network Performance Insight is installed. For example,/opt/IBM/NPI.
3. Restart your system.
Configuring NCIM database connectivityThis configuration helps to federate IBM Tivoli Network Manager NCIM Topologydatabase that can be hosted on Oracle or IBM DB2 database into NetworkPerformance Insight storage.
Before you begin
Make sure that the following conditions are met before you connect the NCIMdatabase:v Install and configure the latest version of Tivoli Network Manager.v Install either IBM DB2 or Oracle database to host the NCIM topology database,
configure an instance, and create a database before Network Manager isinstalled.
v Install the Network Manager. During installation, the NCIM topology databaseis installed on the database that you created in the previous step.
v Your Oracle or DB2 instance is up and running.
v Compatible JDBC driver to connect to IBM DB2 database forTivoli Network Manager is used.For more information, see DB2 JDBC Driver Versions and Downloads.
v ojdbc6-11gR2.jar that is available in the <NPI_Home>/lib directoryis used.
8 Configuring Network Performance Insight
About this task
Modify the Network Performance Insight npi.conf configuration file in<NPI_Home>/conf folder. You can use the template file npi-itnm.template that isavailable in <NPI_Home>/conf folder.
Procedure1. Open the npi.conf file from <NPI_Home>/conf folder.2. Add the following settings for NCIM database connectivity:
itnm.host = “<myserver.ibm.com>”itnm.platform = "database-platform-type"itnm.port = <database_port_number>itnm.username = "<user_name>"itnm.password = "<password>"itnm.database = "NCIM"
Where:
Table 3. Configurations for NCIM database connectivity
Property Description Default value
itnm.host Hostname where TivoliNetwork Manager isrunning.
<myserver.ibm.com>
itnm.platform Supported database forNCIM
DB2
Oracle
Note: By default, it is DB2.
itnm.port Port number where NCIMdatabase is running.
Typical default values:
1521
50000
itnm.username Valid user name that isused to log in to NCIMdatabase.
db2inst1 or oracle basedon the database that NCIMis supported on.
itnm.password Valid password to log in toNCIM database.
Based on the database thatNCIM is supported on:
db2inst1
oracle
itnm.database Tivoli Network Managertopology database
NCIM
Chapter 2. Configure npi.conf file settings 9
Configuring the OMNIbus Standard Input probe to work with NetworkPerformance Insight
Modify the Network Performance Insight npi.conf configuration file in<NPI_Home>/conf folder.
Before you beginv Configure the host name resolution to resolve omnihost to the actual host name
where Tivoli Netcool/OMNIbus is installed. Add an alias entry in the/etc/hosts file as follows:<IP_Address> <fully_qualified_host_name> <alias>
For example,192.0.2.0 <myserver.ibm.com> omnihost
v Ensure that you have the following 32-bit Linux operating system libraries.– lib32z1– lib32ncurses5– lib32bz2-1.0– libstdc++6– lib32stdc++6
Note: The Standard Input probe is a 32-bit application and requires some 32-bitlibraries to work on a 64-bit environment.
About this task
The Standard Input probe is bundled with Network Performance Insight and isinstalled along with it. This probe works with minimal or no configurationsettings. If you want to change the ready for immediate deployment settings, youcan change the following settings by using the template file npi-noi.template thatis available in <NPI_Home>/conf folder:
Note: Change or add these settings only when recommended by IBM SupportProfessional.
Procedure1. Open the npi.conf file from <NPI_Home>/conf folder.2. Add the following setting for Tivoli Netcool/OMNIbus Standard Input
(STDIN) probe to send events to OMNIbus:event.netcool.home = "<netcool_installation_directory>"event.netcool.omnibus.home = "<omnibus_installation_directory>"event.netcool.omnibus.temp = "<temp_directory_for_log_files>"event.netcool.omnibus.stdin.args = "<additional_probe_command_line_args>"event.netcool.omnibus.stdin.props = "<omnibus_stdin_probe_properties_file_location>"event.netcool.omnibus.stdin.rules = "<omnibus-stdin-probe-rules-file_location>"
Where
Table 4. Configurations for OMNIbus REST APIs
Property Description Default value
event.netcool.home Root installation directory for yourNetcool products
NCHOME
$NCHOME defaults to/opt/IBM/tivoli/netcool.
10 Configuring Network Performance Insight
Table 4. Configurations for OMNIbus REST APIs (continued)
Property Description Default value
event.netcool.omnibus.home Root OMNIbus Installation directory NCHOME/omnibus
event.netcool.omnibus.temp Temp directory where the log filesare located
<NPI_HOME>/probe/omnibus/var
event.netcool.omnibus.stdin.args You can configure the STDIN probeto log at other levels (for ex, DEBUG),and to a different log location byspecifying this setting in thenpi.conf file.
Anything that is specified in thissetting is passed directly on thecommand line to the STDIN probe atstartup.
-messagelevel INFO -messagelog/var/tmp/stdin.probe.DEBUG.log
Or
-messagelevel DEBUG -raw
event.netcool.omnibus.stdin.props STDIN probe properties file location <NPI_HOME>/probe/omnibus/probes/linux2x86/stdin.props
event.netcool.omnibus.stdin.rules STDIN probe rules file location <NPI_HOME>/probe/omnibus/probes/linux2x86/stdin.rules
Note: By default, the Event Service processor that starts the STDIN probeconfigures the probe to log to the /opt/IBM/NPI/probe/omnibus/var/stdin.probe.log file.
Chapter 2. Configure npi.conf file settings 11
12 Configuring Network Performance Insight
Chapter 3. Configure Jazz for Service Management portal
Jazz for Service Management must be set up for Network Performance Insightfederation to work correctly and you can access the web-based visualizations.
Perform the following tasks:v Configure Network Performance Insight console integrations.v Create the users and assign roles in the user repository.v Configure single sign-on.v Configure SSL for integration with Network Performance Insight.
Logging in to the Dashboard Application Services Hub portalDepending upon your organization’s deployment, you can access the reportinginterface through Dashboard Application Services Hub.
Procedurev Access the reporting interface from Dashboard Application Services Hub as
follows:1. Open a web browser and enter the following URL for the Jazz™ for Service
Management UI and reporting server:https://host.domain:port/DASH_context_root
For example: https://<myserver.ibm.com>:16311/ibm/consoleWhere:– host.domain is the fully qualified host name or IP address of the Jazz for
Service Management UI and reporting server.When single sign-on (SSO) is enabled, ensure that you use the fullyqualified host name in the URL of the Jazz for Service Managementreporting and UI server. SSO requires that the browser pass LTPA cookiesto the Jazz for Service Management application server, and these cookiescontain the fully qualified host name.
– port is the secure HTTP port number that was specified duringinstallation. The default value is 16311.
– /DASH_context_root is the context root for the console that was specifiedduring installation. The default value is /ibm/console.
2. Enter the user ID and password in the Dashboard Application Services Hublogin page. Click Log in.The Dashboard Application Services Hub Welcome page opens.
3.
Note: Console Integration icon is available only after you complete the taskConfiguring Network Performance Insight console integration on Jazz for ServiceManagement that is available in Configuring Network Performance Insight.
Click Console Integration icon ( ) on the navigation bar and select thedashboard of your choice under System Configuration.
© Copyright IBM Corp. 2015, 2016 13
v Click Incident ( ) on the navigation bar and select Network HealthDashboard under Network Availability.
Starting Jazz for Service Management application serversYou can start any Jazz for Service Management virtualization and reporting serversby using the IBM WebSphere startServer command. You might need to restart theapplication server after you complete a configuration task for an integrationservice, or after you stop the application server for maintenance.
About this task
The same procedure applies to any Jazz for Service Management applicationserver.
Procedure1. On the relevant Jazz for Service Management server, open a command window.2. Change to the JazzSM_WAS_Profile/bin directory.
The default location for <JazzSM_WAS_Profile> is /opt/IBM/JazzSM/profile.3. Run the following command:
AIX
Linux
./startServer.sh server_name
Where
server_nameEnter the name of the application server that was specified when theapplication server profile was created.
For example, server1.
Stopping Jazz for Service Management application serversYou can stop any Jazz for Service Management application server by using the IBMWebSphere stopServer command. You might need to restart the application serverafter you complete a configuration task for an integration service, or stop theapplication server for maintenance. To start the server again, use the startServercommand.
Procedure1. On the relevant Jazz for Service Management server, open a command window.2. Change to the JazzSM_WAS_Profile/bin directory. The default location for
<JazzSM_WAS_Profile> is /opt/IBM/JazzSM/profile.3. Run the following command:
AIX
Linux
./stopServer.sh <server_name> -username <WAS_admin_user_name> -password <WAS_admin_password>
Where
server_nameEnter the name of the application server that was specified when theapplication server profile was created. For example, server1.
14 Configuring Network Performance Insight
WAS_admin_user_nameThe default user name is smadmin.
WAS_admin_passwordThis is the password that is specified at the time of installation.
Example
stopServer.sh server1 -username smadmin -password jazzsmpwd
Common directory locations for Jazz for Service ManagementJazz for Service Management topics use path name variables for paths to commondirectories, for example, home directories.
Jazz for Service Management home directory
The JazzSM_HOME variable describes the location where Jazz for ServiceManagement is installed. This location can be specified during installation. If notspecified, the following default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSMv Non-root user installations: <user_home_directory>IBM/JazzSM
Jazz for Service Management profile directory
The JazzSM_WAS_Profile variable describes the location of the application serverprofile that is used for Jazz for Service Management. This location is in the/profile subdirectory of the Jazz for Service Management home directory.
AIX Linux
v Root user installations: /opt/IBM/JazzSM/profilev Non-root user installations: <user_home_directory>IBM/JazzSM/profile
Jazz for Service Management profile name
The JazzSM_Profile_Name variable refers to the name assigned to the WebSphere®
Application Server profile for Jazz for Service Management. The default name isJazzSMProfile.
Installation images home directory
The Install_Imgs_Home variable describes the common root directory that containsthe extracted contents of the installation images depending on the installationscenario.
Full installationIBM DB2®, IBM WebSphere Application Server .
Attention: You must extract the contents of the installation media for thissoftware to the same common root directory, otherwise the full installationdisplays error messages for missing software.
Custom installationIBM WebSphere Application Server, if you do not want to use an existinginstallation.
Chapter 3. Configure Jazz for Service Management portal 15
Note: It is not necessary to extract the contents of the installation mediafor this software to the same common root directory, but it is preferable tomaintain all extracted installation media in a central location.
Jazz for Service Management installation images home directory
The JazzSM_Image_Home variable describes the common root directory in which theJazz for Service Management is extracted. It contains the launchpad, IBMInstallation Manager, IBM Prerequisite Scanner, the Installation Manager repositorywith the software packages for the integration services except Tivoli CommonReporting.
Tip: Ensure that the path to the JazzSM_Image_Home directory does not contain anyspaces or special characters, otherwise the launchpad does not start.
IBM DB2 home
The DB2_HOME variable describes the location where IBM DB2 is installed. Thislocation is specified during installation. If not specified, the following defaultlocations are used: AIX Linux
v Root user installations: /opt/ibm/db2v Non-root user installations: $HOME/sqllib
$HOME represents the non-root user's home directory.
WebSphere Application Server home directory
The WAS_HOME variable describes the location where WebSphere ApplicationServer is installed. This location is specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/WebSphere/AppServerv Non-root user installations: <user_home_directory>IBM/WebSphere/AppServer
Administration Services home directory
The ADMIN_HOME variable describes the location where Administration Servicesis installed. This location can be specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/adminv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/admin
Administration Services UI home directory
The ADMINUI_HOME variable describes the location where AdministrationServices UI is installed. This location can be specified during installation. If notspecified, the following default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/adminuiv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/adminui
16 Configuring Network Performance Insight
Registry Services home directory
The REGISTRY_HOME variable describes the location where Registry Services isinstalled. This location can be specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/registryv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/registry
Security Services home directory
The SECURITY_HOME variable describes the location where Security Services isinstalled. This location can be specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/securityv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/security
Dashboard Application Services Hub home directory
The DASH_HOME variable describes the location where Dashboard ApplicationServices Hub is installed. This location can be specified during installation. If notspecified, the following default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/uiv Non-root user installations: <user_home_directory>IBM/JazzSM/ui
Dashboard Application Services Hub profile directory
The DASH_Profile variable describes the location of the application server profilethat is used for Dashboard Application Services Hub. This location is inthe/profiles subdirectory of the Jazz for Service Management home directory.
AIX Linux
v Root user installations: /opt/IBM/JazzSM/profilev Non-root user installations: <user_home_directory>IBM/JazzSM/profile
Full installation log directory
The Simple_install_log_dir directory into which general and offering specific logs arecreated during full installation: AIX Linux
v On UNIX systems: $HOME/jazzsm_launchpad/logs/
IBM Prerequisite Scanner installation directory
The ips_root directory that contains the contents of the extracted PrerequisiteScanner platform package. If not specified, the default locations are used: AIX
Linux
v On UNIX systems: Install_Imgs_Home/PrereqScanner/UNIX_LinuxRelated information:
Common directory locations
Chapter 3. Configure Jazz for Service Management portal 17
Groups and usersAll the required users and groups must be set up on the system before integration.
Create the following groups on the user repository that is used by the Jazz forService Management server:v npiuser
v npiadministrator
v ConsoleUser
v ConsoleAdmin
v WriteAdmin
v ReadAdmin
v manager-gui
v manager-script
v manager-jmx
v manager-status
A user who has access to all event management tasks that includes menu creationand tool creation must exist. If such a user does not exist, then create anappropriate user. Ensure that the user is assigned to a group npiadministrator orNetcool_OMNIbus_User and user role as ncw_admin or ncw_user.
Create the following users:v npiadmin
Must be a part of all the groups that are created earlier.v npiuser
Must be a part of the ConsoleUser and npiuser groups that are created earlier.
Creating users and groups in a repositorySecurity relies on users and user groups. You define the groups to which the usersbelong in the application server. For this purpose, you can configure a federatedrepository as a user registry or WebSphere Application Server-based repository.
Procedure1. Log in to Jazz for Service Management server.
See “Logging in to the Dashboard Application Services Hub portal” on page13.
2. Expand Console Settings > WebSphere Administrative Console.3. Click Launch WebSphere Administrative Console.4. In the side pane, open Users and Groups > Manage Groups.5. Click Create.6. Create all the groups that are specified in “Groups and users.”7. Click Close.
On the Manage Groups page, the table shows the existing groups.8. In the side pane, open Users and Groups > Manage Users.9. Click Create.
10. Create all the users that are specified in “Groups and users.”11. Assign this new user to a group.
a. Click Group Membership.
18 Configuring Network Performance Insight
b. On the Group Membership page, click Search.c. In the Available column, select a group and click Add.d. Click Close.e. Restart your application server.
What to do next
Alternatively you can use LDAP user registry, see “Adding the LDAP user registryas a federated repository” on page 26.
Granting roles to npiadmin userConsole users are granted access to resources based on the role to which they havebeen assigned.
Procedure1. Log in to Dashboard Application Services Hub portal as admin user. By default,
smadmin.2. In the navigation pane, select Console Settings > User Roles.3. To assign a role to a user, click Search. A list of available users is displayed.4. Click npiadmin user from the User ID column.
A list of available roles for the selected user is displayed on a new page. Thoseroles that are currently associated with the selected user are checked.
5. Select all the roles and assign to npiadmin user.This grants all the Dashboard Application Services Hub roles to npiadmin user.
6. Click Save.
What to do next
Log off from Dashboard Application Services Hub and log in again to ensure allthe privileges that include admin privileges are available to the npiadmin user.Related tasks:“Creating users and groups in a repository” on page 18Security relies on users and user groups. You define the groups to which the usersbelong in the application server. For this purpose, you can configure a federatedrepository as a user registry or WebSphere Application Server-based repository.
Single sign-onThe single sign-on (SSO) capability in Tivoli products means that you can log on toone Tivoli application, and then start other Tivoli web-based or web-enabledapplications without having to reenter your user credentials.
The repository for the user IDs can be the Tivoli Netcool/OMNIbus ObjectServeror a Lightweight Directory Access Protocol (LDAP) registry. A user logs on to oneof the participating applications, at which time their credentials are authenticatedat a central repository. With the credentials authenticated to a central location, theuser can then start from one application to another to view related data or performactions. Single sign-on can be achieved between applications that are deployed toDashboard Application Services Hub servers on multiple machines.
Chapter 3. Configure Jazz for Service Management portal 19
Single sign-on capabilities require that the participating products use LightweightThird Party Authentication (LTPA) as the authentication mechanism. When SSO isenabled, a cookie is created containing the LTPA token and inserted into the HTTPresponse.
When the user accesses other web resources (portlets) in any other applicationserver process in the same Domain Name Service (DNS) domain, the cookie is sentwith the request. The LTPA token is then extracted from the cookie and validated.If the request is between different cells of application servers, you must share theLTPA keys and the user registry between the cells for SSO to work. The realmnames on each system in the SSO domain are case-sensitive and must matchexactly.
Configuring single sign-on on the Jazz for ServiceManagement server
Use these instructions to establish single sign-on support and configure a federatedrepository.
Before you begin
Configuring SSO is a prerequisite to integrating products that are deployed onmultiple servers. All Jazz for Service Management server instances must point tothe central user registry (such as a Lightweight Directory Access Protocol server).
About this task
To configure Global Security to enable SSO, follow these steps:
Procedure1. Log in to Jazz for Service Management server as admin user.
See “Logging in to the Dashboard Application Services Hub portal” on page13.
2. In the navigation pane, click Console Settings > Websphere AdministrativeConsole and click Launch Websphere administrative console.
3. In the WebSphere Application Server administrative console navigation pane,click Security > Global security.
4. In the Administrative Security section, select the Enable administrativesecurity check box.
5. In the Application Security section, select the Enable application securitycheck box.
6. In the Authentication section, expand Web and SIP security and click Singlesign-on (SSO).
7. Click Enabled option if the SSO is disabled.8. Click Requires SSL if all the requests are expected to use HTTPS.9. Enter the fully qualified domain names in the Domain name field where SSO
is effective. For example, .ibm.comIf the domain name is not fully qualified, the Jazz for Service ManagementServer does not set a domain name value for the LtpaToken cookie and SSO isvalid only for the server that created the cookie. Single sign-on feature isnecessary for different components of Netcool Operations Insight to interact
20 Configuring Network Performance Insight
with each other. For SSO to work across the Tivoli applications, theirapplication servers must be installed in same domain (use the same domainname).
10. Set the LTPA V2 Cookie name to LtpaToken2.11. Optional: Enable the Interoperability Mode option if you want to support
SSO connections in WebSphere Application Server version 5.1.1 or later tointeroperate with previous versions of the application server.
12. Select the Web inbound security attribute propagation check box topropagate information from the first login application server to the otherapplication servers.
13. Clear the Set security cookies to HTTPOnly to help prevent cross-sitescripting attacks check box.
14. Click OK to save your changes.15. Stop and restart all the Jazz for Service Management server instances.
What to do next
When you start Jazz for Service Management, you must use a URL in the formatprotocol://host.domain:port /*. If you do not use a fully qualified domain name,Jazz for Service Management cannot use SSO between Tivoli products.
The configured single sign-on uses SSO tokens that are set in HTTP cookies tocarry authenticated sessions. By default, these cookies expire after 120 minutes. Tochange this value, follow these steps:1. In the WebSphere Application Server administrative console navigation pane,
click Security > Global security.2. In the Authentication section, click LTPA.3. Change the LTPA timeout value to a different value.
This value must be greater than the Cache timeout.
The credentials expire after the specified period you might have to revalidate yourcredentials.Related tasks:“Stopping Jazz for Service Management application servers” on page 14You can stop any Jazz for Service Management application server by using the IBMWebSphere stopServer command. You might need to restart the application serverafter you complete a configuration task for an integration service, or stop theapplication server for maintenance. To start the server again, use the startServercommand.“Starting Jazz for Service Management application servers” on page 14You can start any Jazz for Service Management virtualization and reporting serversby using the IBM WebSphere startServer command. You might need to restart theapplication server after you complete a configuration task for an integrationservice, or after you stop the application server for maintenance.Related information:
Configuring Jazz for Service Management for SSO
Chapter 3. Configure Jazz for Service Management portal 21
Configuring the SSL communication for integrationThe Secure Sockets Layer (SSL) protocol provides secure communications betweenremote server processes or endpoints. SSL security can be used for establishingcommunications inbound to and outbound from an endpoint. To establish securecommunications, a certificate and an SSL configuration must be specified for theendpoint.
Before you begin
Configure SSL communication after you install Network Performance Insight.
About this task
You must configure the SSL one time only. If you are reinstalling or upgradingNetwork Performance Insight, back up the /opt/IBM/NPI/conf/security folderfrom previous installation and restore it in new installation. Follow these steps tocomplete the SSL configuration for the integration of Network Performance Insightwith Tivoli Netcool/OMNIbus.
Generating the SSL certificate for Network PerformanceInsight system
SSL uses digital certificates for key exchange and authentication. When a clientinitiates an SSL connection, the server presents the client with a certificate that issigned by a Certificate Authority (CA). A CA is a trusted party that guarantees theidentity of the certificate and its creator. The server certificate contains the identityof the server, the public key, and the digital signature of the certificate issuer.
Procedure1. Log in to the Jazz for Service Management server as admin user.
See “Logging in to the Dashboard Application Services Hub portal” on page 13.2. Expand Console Settings > WebSphere Administrative Console.3. Click Launch WebSphere Administrative Console.4. Expand Security and select SSL certificate and key management > Keystores
and certificates > NodeDefaultKeyStore.5. Click Personal certificates from the Additional Properties section.6. Select Chained Certificate from the Create list.
A chained personal certificate is a personal certificate that is created by usinganother certificate's private key to sign it.Provide the following mandatory details as needed:
Option Description Suggested value
Alias Specifies the alias name toidentify the certificate in thekeystore and is used to label thecertificate object.
NPI
Root certificateused to sign thecertificate
Specifies the personal certificatein the keystore that is used tocreate the chained personalcertificate
root
22 Configuring Network Performance Insight
Option Description Suggested value
Key size Specifies the key size of theprivate key that is used by thepersonal certificate
1024
Common name Specifies the common nameportion of the distinguishedname. Fully qualified DNS nameof the Network PerformanceInsight server where thecertificate is available.
<myserver.ibm.com>
Validity period Specifies the length in days, whenthe certificate is valid. The defaultis 365 days.
732
Organization Specifies the organization portionof the distinguished name.
IBM
Organization unit Specifies the organization unitportion of the distinguishedname. This is an optional value.
JazzSMNode01
Country or region Specifies the country portion ofthe distinguished name.
US
7. Click Apply, and then click the Save link in the Messages box.The new personal certificate is created with the alias name as NPI.
What to do next
Export the certificate to keystore.Related tasks:Exporting SSL personal certificateConfigure security for Secure Socket Layer (SSL) and key management, certificates,and notifications. The SSL protocol provides secure communications betweenremote server processes or endpoints. SSL security can be used for establishingcommunications inbound to and outbound from an endpoint. To establish securecommunications, a certificate and an SSL configuration must be specified for theendpoint.
Exporting SSL personal certificate for Network PerformanceInsight system
Configure security for Secure Socket Layer (SSL) and key management, certificates,and notifications. The SSL protocol provides secure communications betweenremote server processes or endpoints. SSL security can be used for establishingcommunications inbound to and outbound from an endpoint. To establish securecommunications, a certificate and an SSL configuration must be specified for theendpoint.
Procedure1. Export Jazz for Service Management SSL personal certificate.
a. Log in to the Jazz for Service Management server.b. Expand Console Settings > WebSphere Administrative Console.c. Click Launch WebSphere Administrative Console.d. Expand Security and select SSL certificate and key management >
Keystores and certificates > NodeDefaultKeyStore > Personal certificates.
Chapter 3. Configure Jazz for Service Management portal 23
e. Select the new personal certificate from list and click Export.f. Provide the following details in the General Properties section.
Option Description Suggested value
Key store password Specifies the password of thekeystore to use for theimport or export.
WebASNote: If you do not use thispassword, the exportoperation fails with an errorCWPKI0663E.
Alias Specifies the alias that thepersonal certificate isreferenced by in the keystore.
npi
Key store file Specifies to use a key storefile for the import. Full pathto the keystore file to becreated.
/opt/IBM/JazzSM/security.keystore
Type Specifies the type of thekeystore file.
JKS
Key file password Specifies the password that isused to access the key storefile.
WebASNote: If you do not use thispassword, the exportoperation fails with an errorCWPKI0663E.
g. Click Apply, and then click OK.2. Restart the Jazz for Service Management server.3. Locate the security.keystore file in <JazzSM_Home> directory.4. Copy the security.keystore file to Network Performance Insight installation
directory at the following location:<NPI_Home>/conf/security
Related information:
Configuring an SSL connection to an LDAP server
Copying Jazz for Service Management root certificate toNetwork Performance Insight
Procedure to extract the Jazz for Service Management root signer certificate fromJazz for Service Management keystore and add it to Network Performance Insightkeystore as a signer certificate.
About this taskv Extract the certificate from Jazz for Service Management.v Copy the certificate to the <NPI_Home>/conf/security directory.
Procedure1. Log in to the Jazz for Service Management server.2. Expand Console Settings > WebSphere Administrative Console.3. Click Launch WebSphere Administrative Console.4. Expand Security and select SSL certificate and key management > Keystores
and certificates > NodeDefaultTrustStore > Signer certificates.5. Click Extract.
24 Configuring Network Performance Insight
6. Specify the file name as WebSphereCACert.pem.7. Click Apply and click OK.
The exported Signer certificate file is saved in the directory as/opt/IBM/JazzSM/profile/etc/WebSphereCACert.pem.
8. Copy the certificate file to the server where Network Performance Insight isavailable in <NPI_Home>/conf/security directory.
9. Restart the Network Performance Insight application.Related tasks:“Controlling Network Performance Insight system” on page 5Commands to control the Network Performance Insight application processes.
Adding the root certificate to your browserThe WebSphereCACert.pem file that is extracted from Jazz for Service Managementmust be imported to browser’s Trusted CA Certificate store.
About this task
This task must be done on all computers that access Network Performance Insightdata for visualization. These steps differ on different browsers. Instructions areprovided for Internet Explorer and Firefox.
Procedure1. For Internet Explorer, follow these steps:
a. Click Tools > Internet Options.b. Click Content > Certificates > Trusted Root Certification Authorities.c. Click Import.d. Browse to the location of the exported WebSphereCACert.pem file.e. Click Next.f. Select to place the certificates in Trusted Root Certification Authorities
option and click Finish.2. For Firefox, follow these steps:
a. Click Tools > Options.b. Click Advanced > Certificates > View Certificates.c. Click Authorities > Import.d. Browse to the location of the exported WebSphereCACert.pem file and click
Open.e. Select all the check boxes on the Downloading Certificate page and click
OK.f. Click OK to close the window.
Chapter 3. Configure Jazz for Service Management portal 25
Adding the root certificate to JRE keystore on your desktopThe Active Event List (AEL) is an interactive Java applet for displaying alert datafrom the ObjectServer. The Java applets use different certificate stores frombrowsers and must be configured separately. The root certificate must be added tothe Signer CA store for the JRE by using the Java Control Panel on Windowsclients or System Preferences on other platforms.
About this task
This certificate must be added to the computer that you use to view NetworkPerformance Insight visualization dashboards.
Procedure1. On a Windows computer, click Start > Control Panel > Java.2. Click the Security tab, and then click Manage Certificates.3. Click the User tab and select Signer CA from the Certificate type list.4. Click Import.5. Browse to the location where you exported the WebSphereCACert.pem file and
click Open.6. Click Close to close the Certificates window.7. Click Apply and click OK to close the Java Control Panel.
Adding the LDAP user registry as a federated repositoryThis feature enables support for using an LDAP server as a user registry. Thisfeature is an alternative to the use of Jazz for Service Management built-infile-based user repository. After you set up the LDAP server, you must add it as afederated repository. You can configure the Web GUI to authenticate users andgroups against an LDAP directory.
Before you begin
Before you configure the user registry or repository, decide which user registry orrepository to use.
About this task
Configure Lightweight Directory Access Protocol (LDAP) settings in a federatedrepository configuration. This step is not required if you have created your userrepository on WebSphere Application Server as described in “Creating users andgroups in a repository” on page 18.
Procedure1. Log in to Jazz for Service Management server.2. Expand Console Settings > WebSphere Administrative Console.3. Click Launch WebSphere Administrative Console.4. Select Security > Global security.5. Under User account repository, select Federated Repository and click the
Configure button.6. In the Global security > Federated repositories page, click Add Repositories
(LDAP, custom,etc...).
26 Configuring Network Performance Insight
7. In the Global security > Federated repositories > Repository reference page,select LDAP repository from the New Repository list.
8. In the Global security > Federated repositories > Repository reference >New page, specify the name of the LDAP repository and other detailsaccording to your requirements. For example, enter the following details:
Option Description
Repository identifier Specifies a unique identifier for the LDAPrepository. This identifier uniquely identifiesthe repository within the cell, for example:LDAP1.
Directory type Specifies the type of LDAP server to whichyou connect. Select Custom.
Primary host name Specifies the host name of the primaryLDAP server. This host name is either an IPaddress or a domain name service (DNS)name.
Port Specifies the LDAP server port. For example,10389
Bind distinguished name Specifies the distinguished name (DN) forthe application server to use when bindingto the LDAP repository. For example,uid=admin,ou=system
Bind password Specifies the password for the applicationserver to use when binding to the LDAPrepository.
9. Click OK and save the configuration.10. In the Global security > Federated repositories > Repository reference page,
specify the value for Unique distinguished name of the base (or parent)entry in federated repositories .For example, dc=customer,dc=com
11. Click OK.12. In the Global security > Federated repositories page, select the link to the
LDAP repository that you created.13. In the Global security > Federated repositories > <LDAP Repository Name>
page, under Additional Properties, select Federated repositories entitytypes to LDAP object classes mapping link.In the Global security > Federated repositories > <LDAP Repository Name>> Federated repositories entity types to LDAP object classes mapping page,ensure that each entity type listed is mapped to the correct object classes.Modify the values according to your requirements.
14. Click New to create an entity and enter the following details:v Entity type = Groupv Object Classes = groupOfUniqueNamesv Search bases = ou=groups,dc=customer,dc=com
Note: Use the values that are specific to your server setup.15. Click New to create another entity and enter the following details:
v Entity type = PersonAccountv Object Classes = inetOrgPerson;organizationalPerson;person
Chapter 3. Configure Jazz for Service Management portal 27
v Search bases = ou=people,dc=customer,dc=com
Note: Use the values that are specific to your server setup.16. Click OK.17. In the Global security > Federated repositories page, select the link to the
LDAP repository that you created. Under Additional Properties, select Groupattribute definition.
18. In the Global security > Federated repositories > <LDAP Repository Name>> Group attribute definition page under Additional Properties, selectMember Attributes.
19. Define a new attribute that is called unqiuemember with direct scope and objectclass as groupOfUniqueNames.
20. Click OK to save the configuration.21. Restart the Jazz for Service Management server.Related information:
Selecting a registry or repository
Configuring Lightweight Directory Access Protocol user registries
Configuring Network Performance Insight console integration on Jazzfor Service Management
To display external content from a stand-alone console in the DashboardApplication Services Hub console, you can configure a new console integration.
Before you begin
Make sure that all these components of Jazz for Service Management are installed:v IBM Dashboard Application Services Hubv Administration Servicesv Administrative Services UIv Security Servicesv Registry Services
Note: If the Security Services are not installed, you might encounter anAuthentication Service client error with the following message ID:CTGES0039E
Procedure1. Log in to Jazz for Service Management server as an administrator user. See
“Logging in to the Dashboard Application Services Hub portal” on page 13.2. Click Console Settings > Console Integrations in the navigation bar.
A Console Integrations page is displayed, and existing console integrations (ifany) are listed in a table.
3. Click the New icon on the taskbar.The Console Integrations configuration page is displayed.
4. Required: Provide a meaningful name in the Console Integration Name fieldfor the console integration that you are creating.For example, NPI Console.
28 Configuring Network Performance Insight
This name is visible to all the users on Dashboard Application Services Hubportal as a folder on the main menu.
5. Enter a URL for the content in the Console Integration URL field that youwant to display in the Dashboard Application Services Hub console.For example, https://<myserver.mydomain.com>:9443/Blaze/rest<myserver.mydomain.com> is the fully qualified server name where NetworkPerformance Insight is installed.
Note: When you specify a URL, you must provide a fully qualified URL thatincludes https:// and a full host DNS name for SSO to work correctly.
6. Click Test Connection to test the connection for the URL that you entered.If the connection is unsuccessful, try to restart Network Performance Insightsystem. It might take sometime to see successful connection.For successful connections, a table lists the tasks available from stand-aloneconsole and attributes for each task.
7. Click Save to commit your settings. The new console integration is added tothe list in the Console Integrations page.
8. Close the Console Integrations page.
Results
If the connection test was successful, the specified stand-alone console content isavailable in the navigation bar of the Dashboard Application Services Hub console
through the
icon.Related information:
Stand-alone console content integration
Chapter 3. Configure Jazz for Service Management portal 29
30 Configuring Network Performance Insight
Appendix A. Starting Jazz for Service Management applicationservers
You can start any Jazz for Service Management virtualization and reporting serversby using the IBM WebSphere startServer command. You might need to restart theapplication server after you complete a configuration task for an integrationservice, or after you stop the application server for maintenance.
About this task
The same procedure applies to any Jazz for Service Management applicationserver.
Procedure1. On the relevant Jazz for Service Management server, open a command window.2. Change to the JazzSM_WAS_Profile/bin directory.
The default location for <JazzSM_WAS_Profile> is /opt/IBM/JazzSM/profile.3. Run the following command:
AIX
Linux
./startServer.sh server_name
Where
server_nameEnter the name of the application server that was specified when theapplication server profile was created.
For example, server1.
© Copyright IBM Corp. 2015, 2016 31
32 Configuring Network Performance Insight
Appendix B. Stopping Jazz for Service Managementapplication servers
You can stop any Jazz for Service Management application server by using the IBMWebSphere stopServer command. You might need to restart the application serverafter you complete a configuration task for an integration service, or stop theapplication server for maintenance. To start the server again, use the startServercommand.
Procedure1. On the relevant Jazz for Service Management server, open a command window.2. Change to the JazzSM_WAS_Profile/bin directory. The default location for
<JazzSM_WAS_Profile> is /opt/IBM/JazzSM/profile.3. Run the following command:
AIX
Linux
./stopServer.sh <server_name> -username <WAS_admin_user_name> -password <WAS_admin_password>
Where
server_nameEnter the name of the application server that was specified when theapplication server profile was created. For example, server1.
WAS_admin_user_nameThe default user name is smadmin.
WAS_admin_passwordThis is the password that is specified at the time of installation.
Example
stopServer.sh server1 -username smadmin -password jazzsmpwd
© Copyright IBM Corp. 2015, 2016 33
34 Configuring Network Performance Insight
Appendix C. Common directory locations for Jazz for ServiceManagement
Jazz for Service Management topics use path name variables for paths to commondirectories, for example, home directories.
Jazz for Service Management home directory
The JazzSM_HOME variable describes the location where Jazz for ServiceManagement is installed. This location can be specified during installation. If notspecified, the following default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSMv Non-root user installations: <user_home_directory>IBM/JazzSM
Jazz for Service Management profile directory
The JazzSM_WAS_Profile variable describes the location of the application serverprofile that is used for Jazz for Service Management. This location is in the/profile subdirectory of the Jazz for Service Management home directory.
AIX Linux
v Root user installations: /opt/IBM/JazzSM/profilev Non-root user installations: <user_home_directory>IBM/JazzSM/profile
Jazz for Service Management profile name
The JazzSM_Profile_Name variable refers to the name assigned to the WebSphereApplication Server profile for Jazz for Service Management. The default name isJazzSMProfile.
Installation images home directory
The Install_Imgs_Home variable describes the common root directory that containsthe extracted contents of the installation images depending on the installationscenario.
Full installationIBM DB2, IBM WebSphere Application Server .
Attention: You must extract the contents of the installation media for thissoftware to the same common root directory, otherwise the full installationdisplays error messages for missing software.
Custom installationIBM WebSphere Application Server, if you do not want to use an existinginstallation.
Note: It is not necessary to extract the contents of the installation mediafor this software to the same common root directory, but it is preferable tomaintain all extracted installation media in a central location.
© Copyright IBM Corp. 2015, 2016 35
Jazz for Service Management installation images home directory
The JazzSM_Image_Home variable describes the common root directory in which theJazz for Service Management is extracted. It contains the launchpad, IBMInstallation Manager, IBM Prerequisite Scanner, the Installation Manager repositorywith the software packages for the integration services except Tivoli CommonReporting.
Tip: Ensure that the path to the JazzSM_Image_Home directory does not contain anyspaces or special characters, otherwise the launchpad does not start.
IBM DB2 home
The DB2_HOME variable describes the location where IBM DB2 is installed. Thislocation is specified during installation. If not specified, the following defaultlocations are used: AIX Linux
v Root user installations: /opt/ibm/db2v Non-root user installations: $HOME/sqllib
$HOME represents the non-root user's home directory.
WebSphere Application Server home directory
The WAS_HOME variable describes the location where WebSphere ApplicationServer is installed. This location is specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/WebSphere/AppServerv Non-root user installations: <user_home_directory>IBM/WebSphere/AppServer
Administration Services home directory
The ADMIN_HOME variable describes the location where Administration Servicesis installed. This location can be specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/adminv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/admin
Administration Services UI home directory
The ADMINUI_HOME variable describes the location where AdministrationServices UI is installed. This location can be specified during installation. If notspecified, the following default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/adminuiv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/adminui
Registry Services home directory
The REGISTRY_HOME variable describes the location where Registry Services isinstalled. This location can be specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/registryv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/registry
36 Configuring Network Performance Insight
Security Services home directory
The SECURITY_HOME variable describes the location where Security Services isinstalled. This location can be specified during installation. If not specified, thefollowing default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/securityv Non-root user installations: /home/nonrootuser_name/IBM/JazzSM/security
Dashboard Application Services Hub home directory
The DASH_HOME variable describes the location where Dashboard ApplicationServices Hub is installed. This location can be specified during installation. If notspecified, the following default locations are used: AIX Linux
v Root user installations: /opt/IBM/JazzSM/uiv Non-root user installations: <user_home_directory>IBM/JazzSM/ui
Dashboard Application Services Hub profile directory
The DASH_Profile variable describes the location of the application server profilethat is used for Dashboard Application Services Hub. This location is inthe/profiles subdirectory of the Jazz for Service Management home directory.
AIX Linux
v Root user installations: /opt/IBM/JazzSM/profilev Non-root user installations: <user_home_directory>IBM/JazzSM/profile
Full installation log directory
The Simple_install_log_dir directory into which general and offering specific logs arecreated during full installation: AIX Linux
v On UNIX systems: $HOME/jazzsm_launchpad/logs/
IBM Prerequisite Scanner installation directory
The ips_root directory that contains the contents of the extracted PrerequisiteScanner platform package. If not specified, the default locations are used: AIX
Linux
v On UNIX systems: Install_Imgs_Home/PrereqScanner/UNIX_LinuxRelated information:
Common directory locations
Appendix C. Common directory locations for Jazz for Service Management 37
38 Configuring Network Performance Insight
Appendix D. service npi command reference
Usage for the service npi command. Run the service npi command to start, stop,and restart Network Performance Insight.
Location
Note: service npi command is intended to be run as root user to start NetworkPerformance Insight at system startup. It can be run by a non-root user, but itrequires the password of the user it is configured to run the system.
<NPI_Home>/service
NPI_Home is the location where Network Performance Insight is installed. Forexample, /opt/IBM/NPI.
Syntax
service npi {start| stop |restart |kill |status |version |help}
Parameters
startStarts Network Performance Insight application.
stopStops Network Performance Insight application.
restartStops and starts Network Performance Insight application.
killKills the Network Performance Insight application process by using thecommand kill -9.
statusChecks if Network Performance Insight application process ID (PID) is runningwhen you use the command ps -eaf.
versionShows the version of Network Performance Insight that is installed.
helpDisplays the usage for npi service command.
© Copyright IBM Corp. 2015, 2016 39
40 Configuring Network Performance Insight
Appendix E. npid command reference
Usage for the npid command. Run the npid command to start, stop, and restartNetwork Performance Insight.
Location
<NPI_Home>/bin
NPI_Home is the location where Network Performance Insight is installed. Forexample, /opt/IBM/NPI.
Syntax
npid {start| stop |restart |kill |status |version |help}
Parameters
startStarts Network Performance Insight application.
stopStops Network Performance Insight application.
restartStops and starts Network Performance Insight application.
killKills the Network Performance Insight application process by using thecommand kill -9.
statusChecks if Network Performance Insight process is running when you use thecommand ps -eaf.
versionShows the version of Network Performance Insight that is installed.
helpDisplays the usage for npid command.
© Copyright IBM Corp. 2015, 2016 41
42 Configuring Network Performance Insight
Notices
This information was developed for products and services offered in the US. Thismaterial might be available from IBM in other languages. However, you may berequired to own a copy of the product or product version in that language in orderto access it.
IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:
IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785US
For license inquiries regarding double-byte character set (DBCS) information,contact the IBM Intellectual Property Department in your country or sendinquiries, in writing, to:
Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer ofexpress or implied warranties in certain transactions, therefore, this statement maynot apply to you.
This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.
Any references in this information to non-IBM websites are provided forconvenience only and do not in any manner serve as an endorsement of those
© Copyright IBM Corp. 2015, 2016 43
websites. The materials at those websites are not part of the materials for this IBMproduct and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way itbelieves appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:
IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785US
Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.
The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.
The performance data discussed herein is presented as derived under specificoperating conditions. Actual results may vary.
The client examples cited are presented for illustrative purposes only. Actualperformance results may vary depending on specific configurations and operatingconditions.
Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.
Statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.
This information is for planning purposes only. The information herein is subject tochange before the products described become available.
This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to actual people or business enterprises is entirelycoincidental.
COPYRIGHT LICENSE:
44 Configuring Network Performance Insight
This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. The sampleprograms are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.
Each copy or any portion of these sample programs or any derivative work mustinclude a copyright notice as follows:
© (your company name) (year).Portions of this code are derived from IBM Corp. Sample Programs.© Copyright IBM Corp. _enter the year or years_.
TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the web at "Copyright andtrademark information" at www.ibm.com/legal/copytrade.shtml.
Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,other countries, or both.
IT Infrastructure Library is a registered trademark of the Central Computer andTelecommunications Agency which is now part of the Office of GovernmentCommerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.
Linux is a registered trademark of Linus Torvalds in the United States, othercountries, or both
Microsoft and Windows are trademarks of Microsoft Corporation in the UnitedStates, other countries, or both.
ITIL is a registered trademark, and a registered community trademark of TheMinister for the Cabinet Office, and is registered in the U.S. Patent and TrademarkOffice.
UNIX is a registered trademark of The Open Group in the United States and othercountries.
Notices 45
Java and all Java-based trademarks and logosare trademarks or registered trademarks ofOracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in theUnited States, other countries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo aretrademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.
Terms and conditions for product documentationPermissions for the use of these publications are granted subject to the followingterms and conditions.
Applicability
These terms and conditions are in addition to any terms of use for the IBMwebsite.
Personal use
You may reproduce these publications for your personal, noncommercial useprovided that all proprietary notices are preserved. You may not distribute, displayor make derivative work of these publications, or any portion thereof, without theexpress consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within yourenterprise provided that all proprietary notices are preserved. You may not makederivative works of these publications, or reproduce, distribute or display thesepublications or any portion thereof outside your enterprise, without the expressconsent of IBM.
Rights
Except as expressly granted in this permission, no other permissions, licenses orrights are granted, either express or implied, to the publications or anyinformation, data, software or other intellectual property contained therein.
IBM reserves the right to withdraw the permissions granted herein whenever, in itsdiscretion, the use of the publications is detrimental to its interest or, asdetermined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in fullcompliance with all applicable laws and regulations, including all United Statesexport laws and regulations.
IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESEPUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUTWARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDINGBUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY,
46 Configuring Network Performance Insight
NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
Notices 47
48 Configuring Network Performance Insight
IBM®
Printed in USA